
SASE ZTNA Remote Access Questions - Season 2

Dmitry Raidman
November 11, 2020

In Season 1, we compiled quite a long list of questions and asked vendors to answer them; getting them answered properly was taking about an hour. We have listened to your feedback and decided to make the episodes shorter by half. We still compiled the full, long list of questions; however, we will be asking only a subset of them during the recording to fit the 30-minute format. The rest of the questions (16) are shared in this post. We encourage you to identify the ones that are important to you and ask the vendors while you are evaluating their solutions.

Questions for Season 2

  1. What is the name of the offering/product addressing ZTNA remote access?
  2. Describe your overall architecture at a high level (ideally with a picture) - POPs, HA, bandwidth requirements, or restrictions.
  3. How do you license your product (seats, devices, concurrent connections, bandwidth)? Can it be licensed as a separate module, or is it an extension to your more inclusive product license?
  4. How do you tie back to the User Identity and MFA?
  5. Describe the end-user access options: what is supported, clientless or client-based?
  6. What kinds of protocols can your remote solution support (VoIP, file share, SCCM, password changes)?
  7. How would your solution work on slow networks or when roaming between networks?
  8. Describe reporting and alerting options (including UBA).

Additional Questions

  1. Do you have a shared responsibilities model? What responsibility is carried by the customer?
  2. What is your SLA for service availability?
  3. Describe the encryption level used between the client and the POP.
  4. Is there an option to use/import my own certificate or certificate authority into the solution?
  5. Can your solution be leveraged to discover applications that need to be exposed for remote access?
  6. Describe the system integration with SIEM and what SIEMs are supported?
  7. What are the possible ways to distribute the software client to a remote workforce?
  8. Does software client installation require a reboot?
  9. Does the software client verify posture checks before connection?
  10. Does the software client provide security posture remediation recommendations to the user such as installing patches or updating the AV signature database?
  11. Does your solution rely on hardware components in addition to the software client such as an SD-WAN device?
  12. How does the customer scale your solution deployment? Describe the path from 50 users to 5000 users.
  13. What types of certification do you have for your SaaS solution, for example FedRAMP High or SOC2 Type 2?
  14. What significant feature milestones does the vendor have on its product roadmap, expected in the next 12 to 18 months?
  15. How do you address the typical VPN overlapping network issue (e.g., the user has the same network subnet as the DC server or the Azure/AWS/GCP network he/she is trying to reach)?
  16. How does your system support hardware tokens such as YubiKey or Titan keys?

CTO Cybeats